Resolved HJT Threads: Resolved spyware and popup issues.
#1
Registered User
Join Date: Nov 2007
Posts: 13
OS: xp home
vundo removal not possible until yet
hi

i have tried to remove a Vundo and other... trojan. tried with vundofix, combofix, killbox - but possibly not in an exact order. my McAfee reports vundo three to five times per hour. is there something i can do...? thanks in advance!

Deckard's System Scanner v20071014.68
Run by Thomas on 2007-11-26 21 01
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 3 Restore Point(s) --
3: 2007-11-26 20 05 UTC - RP5 - Deckard's System Scanner Restore Point
2: 2007-11-25 22:19:11 UTC - RP4 - ComboFix created restore point
1: 2007-11-25 22:17:44 UTC - RP3 - Systemprüfpunkt

Backed up registry hives.
Performed disk cleanup.

-- HijackThis (run as Thomas.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07:32, on 26.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Cisco Systems\vpnclient-win-is-4.8.01.0300-k9\cvpnd.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Programme\Java\jre1.5.0_09\bin\jusched.exe
C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\iTunes\iTunesHelper.exe
C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Programme\McAfee.com\Agent\mcagent.exe
C:\Programme\EPSON\Creativity Suite\Event Manager\EEventManager.exe
C:\Programme\Mindjet\MindManager 6\MMReminderService.exe
c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Skype\Phone\Skype.exe
c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programme\McAfee\MPF\MPFSrv.exe
C:\Programme\Last.fm\LastFMHelper.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Dokumente und Einstellungen\Thomas\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Thomas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ch/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} - C:\WINDOWS\system32\iifdcbx.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programme\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Programme\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [mcagent_exe] C:\Programme\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [EEventManager] C:\Programme\EPSON\Creativity Suite\Event Manager\EEventManager.exe
O4 - HKLM\..\Run: [MMReminderService] C:\Programme\Mindjet\MindManager 6\MMReminderService.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Programme\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader - Schnellstart.lnk = C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Programme\Cisco Systems\vpnclient-win-is-4.8.01.0300-k9\vpngui.exe
O4 - Global Startup: Last.fm Helper.lnk = C:\Programme\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Programme\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclips.com/hamsterball...gameloader.cab
O16 - DPF: {3B36B017-7E49-426B-95B0-B5CECD83C2E2} (IfolorUploader Control) - http://chkr-web.ifolor.net/ORDERINGG...oader_chkr.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...6/mcinsctl.cab
O16 - DPF: {60EFC337-15C2-4369-B2A0-3429B071D8B8} (Hewlett-Packard Printer Diagnostics) - http://h50203.www5.hp.com/HPISWeb/Cu...WebManager.CAB
O16 - DPF: {6F1AF9D5-68BB-4A81-93F1-481CB8AB0D0B} (PhotocolorUploader Control) - http://web1.photocolor.net/webupload...orUploader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...26/mcgdmgr.cab
O16 - DPF: {C111A91F-D4EC-4D22-8D27-C3BCB0389F43} - http://webcam.singlehoteleden.ch/activex/AMC.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{311C0C63-BA81-4421-A34A-EA0D9388B893}: NameServer = 195.186.1.111,212.243.111.237
O17 - HKLM\System\CS1\Services\Tcpip\..\{311C0C63-BA81-4421-A34A-EA0D9388B893}: NameServer = 195.186.1.111,212.243.111.237
O20 - Winlogon Notify: iifdcbx - C:\WINDOWS\SYSTEM32\iifdcbx.dll
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Programme\Cisco Systems\vpnclient-win-is-4.8.01.0300-k9\cvpnd.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programme\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\programme\gemeinsame dateien\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\GEMEIN~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Programme\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Programme\Intel\PROSetWired\NCS\Sync\NetSvc.exe

--
End of file - 9079 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R3 smwdm - c:\windows\system32\drivers\smwdm.sys <Not Verified; Analog Devices, Inc.; SoundMAX Digital Audio Driver>
S3 catchme - c:\dokume~1\thomas\lokale~1\temp\catchme.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

All services whitelisted.

-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

-- Scheduled Tasks -------------------------------------------------------------

2007-03-15 01 19 360 --a------ C:\WINDOWS\Tasks\McDefragTask.job
2007-03-03 14:47:29 338 --a------ C:\WINDOWS\Tasks\McQcTask.job

-- Files created between 2007-10-26 and 2007-11-26 -----------------------------

2007-11-26 21:07:22 0 d-------- C:\Programme\Trend Micro
2007-11-25 23:51:12 0 d-------- C:\VundoFix Backups
2007-11-25 23:16:49 1545623 --a------ C:\Programme\ComboFix.exe
2007-11-25 22:46:36 0 d-------- C:\!KillBox
2007-11-25 12:18:37 0 d-------- C:\Programme\Enigma Software Group
2007-11-25 01:05:51 38912 --a------ C:\WINDOWS\system32\pmnnklm.dll
2007-11-25 01:05:50 38912 --a------ C:\WINDOWS\system32\tuvwxut.dll
2007-11-25 01:05:15 38912 --a------ C:\WINDOWS\system32\iifdcbx.dll
2007-11-23 09:05:51 0 d-------- C:\Programme\MSXML 4.0
2007-11-22 13:07:21 0 d-------- C:\Programme\Mindjet
2007-11-22 10:35:37 247296 --a------ C:\WINDOWS\system32\enspres.dll <Not Verified; SEIKO EPSON CORPORATION; EpsonNet Print Utility>
2007-11-22 10:35:37 457611 --a------ C:\WINDOWS\system32\ensppui.dll <Not Verified; SEIKO EPSON CORPORATION; EpsonNet Print Utility>
2007-11-22 10:35:37 474892 --a------ C:\WINDOWS\system32\ensppmon.dll <Not Verified; SEIKO EPSON CORPORATION; EpsonNet Print Utility>
2007-11-21 17:30:50 679936 --a------ C:\WINDOWS\system32\UninstBPIP.exe <Not Verified; O2 INTERACTIVE LTD.; Business Photo Index Print Uninstaller>
2007-11-21 17:30:48 406016 --a------ C:\WINDOWS\system32\ltkrn12n.dll <Not Verified; LEAD Technologies, Inc.; LEADTOOLS(r) DLL for Win32 - Japanese build>
2007-11-21 17:30:38 0 d-------- C:\Programme\BPPRINT
2007-11-21 17:29:43 0 d-------- C:\Programme\OfficeReady Essentials
2007-11-21 17:23:27 294912 --a------ C:\WINDOWS\system32\msxbse35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:27 166672 --a------ C:\WINDOWS\system32\mstext35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:27 262144 --a------ C:\WINDOWS\system32\msrd2x35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:27 250128 --a------ C:\WINDOWS\system32\mspdox35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:27 344064 --a------ C:\WINDOWS\system32\msexch35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:26 368912 --a------ C:\WINDOWS\system32\VBAR332.DLL <Not Verified; Microsoft Corporation; Microsoft Visual Basic for Applications>
2007-11-21 17:23:26 44304 --a------ C:\WINDOWS\system32\msrpfs35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:26 415504 --a------ C:\WINDOWS\system32\msrepl35.dll <Not Verified; Microsoft Corporation; Microsoft® Access>
2007-11-21 17:23:26 168720 --a------ C:\WINDOWS\system32\msltus35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:26 1238288 --a------ C:\WINDOWS\system32\msjt4jlt.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:26 1050896 --a------ C:\WINDOWS\system32\msjet35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:26 252688 --a------ C:\WINDOWS\system32\msexcl35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:26 39424 --a------ C:\WINDOWS\system32\JETCOMP.exe <Not Verified; Microsoft Corporation; Microsoft® Database Compact Utility>
2007-11-21 17:23:25 24848 --a------ C:\WINDOWS\system32\msjter35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:25 123664 --a------ C:\WINDOWS\system32\msjint35.dll <Not Verified; Microsoft Corporation; Microsoft® Jet>
2007-11-21 17:23:24 73810 --a------ C:\WINDOWS\system32\rapi.dll <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
2007-11-21 17:23:24 41044 --a------ C:\WINDOWS\system32\ceutil.dll <Not Verified; Microsoft Corporation; Microsoft ActiveSync>
2007-11-21 17:23:13 0 d-------- C:\Programme\NewSoft
2007-11-21 17:00:03 0 d-------- C:\Programme\EPSON
2007-11-21 16:55:18 65536 --a------ C:\WINDOWS\system32\EEBUtil.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer DebugTrace Tool>
2007-11-21 16:55:18 54272 --a------ C:\WINDOWS\system32\EEBSDKIF.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2007-11-21 16:55:17 94208 --a------ C:\WINDOWS\system32\EEBDSCVR.dll
2007-11-21 16:55:17 126976 --a------ C:\WINDOWS\system32\EEBAPI.dll
2007-11-21 16:55:17 49152 --a------ C:\WINDOWS\system32\EBAPI.dll
2007-11-21 16:55:16 0 d-------- C:\Programme\Gemeinsame Dateien\EPSON
2007-11-21 16:55:15 247296 --a------ C:\WINDOWS\system32\enpres.dll <Not Verified; SEIKO EPSON CORPORATION; EpsonNet Print Utility>
2007-11-21 16:55:15 457611 --a------ C:\WINDOWS\system32\enppui.dll <Not Verified; SEIKO EPSON CORPORATION; EpsonNet Print Utility>
2007-11-21 16:55:15 474892 --a------ C:\WINDOWS\system32\enppmon.dll <Not Verified; SEIKO EPSON CORPORATION; EpsonNet Print Utility>
2007-11-21 16:55:15 208384 -----n--- C:\WINDOWS\system32\EBSETUP.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Status Monitor 2>
2007-11-21 16:55:15 5344 -----n--- C:\WINDOWS\system32\EBP16PIF.DLL <Not Verified; SEIKO EPSON Corporation; EBP16PIF>
2007-11-21 16:55:15 23040 -----n--- C:\WINDOWS\system32\EBAPISET.exe
2007-11-21 16:55:15 301056 -----n--- C:\WINDOWS\system32\EBAPISET.dll <Not Verified; SEIKO EPSON CORPORATION; EPSON Bidirectional Printer>
2007-11-21 16:55:12 0 d-------- C:\Programme\EpsonNet
2007-11-11 19:22:11 0 d-------- C:\Programme\Last.fm

-- Find3M Report ---------------------------------------------------------------

2007-11-26 21:04:36 0 d-------- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Skype
2007-11-26 20:01:04 396012 --a------ C:\WINDOWS\system32\PERFH007.DAT
2007-11-26 20:01:04 65470 --a------ C:\WINDOWS\system32\PERFC007.DAT
2007-11-25 23:12:48 0 d-------- C:\Programme\Gemeinsame Dateien
2007-11-25 23:11:56 0 d-------- C:\Programme\Axis Communications
2007-11-25 12:45:51 1613990 --a------ C:\Programme\ProcessExplorer.zip
2007-11-22 10:39:47 0 d--h----- C:\Programme\InstallShield Installation Information
2007-11-22 10:28:29 0 d-------- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\InstallShield
2007-11-21 22:33:05 0 d-------- C:\Programme\Avery Zweckform Assistent 3.1
2007-11-21 21:54:20 0 d-------- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\EPSON
2007-11-21 17:26:25 0 d-------- C:\Programme\Gemeinsame Dateien\InstallShield
2007-11-13 13:22:54 0 d-------- C:\Programme\McAfee
2007-11-12 20:43:37 0 d-------- C:\Programme\Gemeinsame Dateien\McAfee
2007-10-30 21:55:50 0 d-------- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\WinRAR
2007-10-11 10:36:28 0 d-------- C:\Programme\Google

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}]
25.11.2007 01:05 38912 --a------ C:\WINDOWS\system32\iifdcbx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_09\bin\jusched.exe" [12.10.2006 03:10]
"SoundMAXPnP"="C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe" [30.06.2004 14:33]
"DVDLauncher"="C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe" [12.10.2004 17:54]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [13.08.2004 02:05]
"UpdateManager"="C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" [07.01.2004 02:01]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [01.09.2006 15:57]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [17.12.2004 23:20]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [23.06.2005 20:33]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [20.09.2005 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [20.09.2005 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [20.09.2005 09:36]
"mcagent_exe"="C:\Programme\McAfee.com\Agent\mcagent.exe" [03.08.2007 22:33]
"EEventManager"="C:\Programme\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [31.01.2005 10:02]
"pdfSaver3"="" []
"MMReminderService"="C:\Programme\Mindjet\MindManager 6\MMReminderService.exe" [12.04.2006 21:12]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [04.08.2004 15:00]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [24.11.2006 17:16]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []

C:\Dokumente und Einstellungen\Thomas\Startmenü\Programme\Autostart\
DESKTOP.INI [18.08.2004 14:18:48]

C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\
Adobe Gamma Loader.exe.lnk - C:\Programme\Gemeinsame Dateien\Adobe\Calibration\Adobe Gamma Loader.exe [14.02.2005 08:28:46]
Adobe Reader - Schnellstart.lnk - C:\Programme\Adobe\Acrobat 7.0\Reader\reader_sl.exe [23.09.2005 22:05:26]
Cisco Systems VPN Client.lnk - C:\Programme\Cisco Systems\vpnclient-win-is-4.8.01.0300-k9\vpngui.exe [13.04.2007 16:59:48]
DESKTOP.INI [18.08.2004 14:18:48]
Last.fm Helper.lnk - C:\Programme\Last.fm\LastFMHelper.exe [11.11.2007 19:22:12]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}"= C:\WINDOWS\system32\iifdcbx.dll [25.11.2007 01:05 38912]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\iifdcbx]
iifdcbx.dll 25.11.2007 01:05 38912 C:\WINDOWS\SYSTEM32\iifdcbx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkll.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

-- End of Deckard's System Scanner: finished at 2007-11-26 21:08:38 ------------
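The log above shows the pattern the helpers in this thread go after: one unnamed DLL registered as a BHO, as a Winlogon Notify package and as a ShellExecuteHook, plus a second DLL added to the LSA "Authentication Packages" list. The following is an added example, not part of the original thread and not code from HijackThis, DSS or ComboFix: a small Python triage script that walks log lines of that shape and flags those load points, reporting a DLL found at several of them as high severity. The sample lines are taken from the log above; the KNOWN_NOTIFY allowlist is an assumption made for the example.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Sample lines copied from the HijackThis / DSS output posted above (constructed subset).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B} - C:\WINDOWS\system32\iifdcbx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O20 - Winlogon Notify: iifdcbx - C:\WINDOWS\SYSTEM32\iifdcbx.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{2ABAAC42-84DF-4C00-89DA-BC7EB2B0E70B}"= C:\WINDOWS\system32\iifdcbx.dll [25.11.2007 01:05 38912]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\jkkll.dll
"""

# Winlogon Notify packages normally present on Windows XP. This allowlist is an
# assumption for the example, not an authoritative list; anything else gets flagged.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon", "igfxcui"}

BHO_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$", re.IGNORECASE)
SEH_RE = re.compile(r'^"\{[0-9A-Fa-f-]+\}"=\s*(?P<path>\S+)')
LSA_RE = re.compile(r'^"Authentication Packages"=\s*(?P<pkgs>.+)$')


@dataclass
class Finding:
    severity: str      # "high" or "medium"
    load_point: str    # where the DLL is registered
    path: str
    reason: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path (handles both slash styles)."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def triage(log_text: str) -> list[Finding]:
    """Flag the load points abused in the log above: unnamed BHOs, Winlogon Notify
    packages outside the allowlist, ShellExecuteHooks, and LSA Authentication
    Packages other than msv1_0. A DLL seen at more than one of these load points
    is additionally reported as a high-severity correlated finding."""
    findings: list[Finding] = []
    seen: dict[str, set[str]] = defaultdict(set)   # dll basename -> load points
    current_key = ""                                # registry key of the DSS dump section
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := KEY_RE.match(line):
            current_key = m.group("key").lower()
            continue
        if m := BHO_RE.match(line):
            seen[basename(m.group("path"))].add("BHO")
            if m.group("name").strip().lower() == "(no name)":
                findings.append(Finding("medium", "BHO", m.group("path"),
                                        "browser helper object registered without a name"))
        elif m := NOTIFY_RE.match(line):
            seen[basename(m.group("path"))].add("WinlogonNotify")
            if m.group("name").lower() not in KNOWN_NOTIFY:
                findings.append(Finding("medium", "WinlogonNotify", m.group("path"),
                                        "Winlogon Notify package not in the allowlist"))
        elif current_key.endswith("shellexecutehooks") and (m := SEH_RE.match(line)):
            seen[basename(m.group("path"))].add("ShellExecuteHooks")
            findings.append(Finding("medium", "ShellExecuteHooks", m.group("path"),
                                    "shell execute hook loads into any process calling ShellExecute"))
        elif current_key.endswith("\\lsa") and (m := LSA_RE.match(line)):
            for pkg in m.group("pkgs").split():
                if pkg.lower() != "msv1_0":
                    seen[basename(pkg)].add("LsaAuthPackage")
                    findings.append(Finding("high", "LsaAuthPackage", pkg,
                                            "extra LSA authentication package loads into lsass.exe"))
    # One DLL registered at several load points is the footprint seen in this thread.
    for dll, points in seen.items():
        if len(points) > 1:
            findings.append(Finding("high", "+".join(sorted(points)), dll,
                                    f"same DLL registered at {len(points)} load points"))
    return findings


def flagged_dlls(log_text: str) -> set[str]:
    """Set of DLL basenames that appear in any finding."""
    return {basename(f.path) for f in triage(log_text)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.load_point:36} {f.path}  ({f.reason})")
```

Run against a full HijackThis or DSS log, the correlated "high" entries are the ones worth taking to a removal script first; the medium ones still need a look at the file itself.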
#2
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,541
OS: xp
Re: vundo removal not possible until yet
Welcome guise2

Delete the copy of combofix you have and re-download, run and post its report.

Post a combofix log

1. Download this file - combofix.exe to your desktop
http://www.techsupportforum.com/sect...s/ComboFix.exe
alternate link
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
#3
Registered User
Join Date: Nov 2007
Posts: 13
OS: xp home
Re: vundo removal not possible until yet
hello

thank you. here is my combofix log. today my McAfee said that I have another trojan called BEA. I don't know if it is a coincidence with vundo, or if I got it from an OCR freeware I downloaded yesterday for my new epson scanner.... this is a little bit frightening... here is my log:

ComboFix 07-11-19.4C - Thomas 2007-12-01 23:10:43.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.49.1031.18.644 [GMT 1:00]
ausgeführt von:: C:\Dokumente und Einstellungen\Thomas\Desktop\ComboFix.exe
* Neuer Wiederherstellungspunkt wurde erstellt
.

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\SYSTEM32\ilnmp.ini
C:\WINDOWS\SYSTEM32\ilnmp.ini2
C:\WINDOWS\system32\pmnli.dll
.

((((((((((((((((((((((( Dateien erstellt von 2007-11-01 bis 2007-12-01 ))))))))))))))))))))))))))))))
.

2007-12-01 10:56 78,400 --a------ C:\WINDOWS\SYSTEM32\pujgiqdq.dll
2007-11-30 15:27 <DIR> d-------- C:\Programme\SimpleOCR
2007-11-30 15:26 9,739,116 --a------ C:\Programme\InstSocr.exe
2007-11-29 15:04 360,448 --a------ C:\WINDOWS\SYSTEM32\cdintf.dll
2007-11-29 14:35 608,448 --a------ C:\WINDOWS\SYSTEM32\COMCTL32.OCX
2007-11-29 14:35 57,344 --a------ C:\WINDOWS\SYSTEM32\Crypto.dll
2007-11-29 14:35 40,448 --a------ C:\WINDOWS\SYSTEM32\regobj.dll
2007-11-29 14:35 40,448 --a------ C:\WINDOWS\SYSTEM32\dsofile.dll
2007-11-29 13:59 <DIR> d-------- C:\Programme\EPSON Speed Dial Utility
2007-11-28 17:32 23,696 --a------ C:\WINDOWS\SYSTEM32\gebxuur.dll
2007-11-26 21:07 <DIR> d-------- C:\Programme\Trend Micro
2007-11-26 21:05 <DIR> d-------- C:\Deckard
2007-11-25 23:51 <DIR> d-------- C:\VundoFix Backups
2007-11-25 23:15 111,080 --a------ C:\Programme\OiUninstaller.exe
2007-11-25 12:45 1,613,990 --a------ C:\Programme\ProcessExplorer.zip
2007-11-25 12:18 <DIR> d-------- C:\Programme\Enigma Software Group
2007-11-25 01:05 38,912 --a------ C:\WINDOWS\SYSTEM32\tuvwxut.dll
2007-11-25 01:05 38,912 --a------ C:\WINDOWS\SYSTEM32\pmnnklm.dll
2007-11-25 01:05 38,912 --a------ C:\WINDOWS\SYSTEM32\iifdcbx.dll
2007-11-23 09:05 <DIR> d-------- C:\Programme\MSXML 4.0
2007-11-22 13:07 <DIR> d-------- C:\Programme\Mindjet
2007-11-22 13:07 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mindjet
2007-11-22 10:35 474,892 --a------ C:\WINDOWS\SYSTEM32\ensppmon.dll
2007-11-22 10:35 457,611 --a------ C:\WINDOWS\SYSTEM32\ensppui.dll
2007-11-22 10:35 247,296 --a------ C:\WINDOWS\SYSTEM32\enspres.dll
2007-11-22 10:28 <DIR> d-------- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\InstallShield
2007-11-21 17:33 <DIR> d-------- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\EPSON
2007-11-21 17:30 <DIR> d-------- C:\Programme\BPPRINT
2007-11-21 17:30 679,936 --a------ C:\WINDOWS\SYSTEM32\UninstBPIP.exe
2007-11-21 17:29 <DIR> d-------- C:\Programme\OfficeReady Essentials
2007-11-21 17:23 <DIR> d-------- C:\Programme\NewSoft
2007-11-21 17:23 929,844 --a------ C:\WINDOWS\SYSTEM32\MFC42D.DLL
2007-11-21 17:23 368,912 --a------ C:\WINDOWS\SYSTEM32\VBAR332.DLL
2007-11-21 17:23 73,810 --a------ C:\WINDOWS\SYSTEM32\rapi.dll
2007-11-21 17:23 41,044 --a------ C:\WINDOWS\SYSTEM32\ceutil.dll
2007-11-21 17:23 39,424 --a------ C:\WINDOWS\SYSTEM32\JETCOMP.exe
2007-11-21 17:00 <DIR> d-------- C:\Programme\EPSON
2007-11-21 17:00 32,768 --a------ C:\WINDOWS\SYSTEM32\esccm.dll
2007-11-21 17:00 30,208 --a------ C:\WINDOWS\SYSTEM32\escwiab.dll
2007-11-21 17:00 27,648 --a------ C:\WINDOWS\SYSTEM32\escimg.dll
2007-11-21 16:55 <DIR> d-------- C:\Programme\Gemeinsame Dateien\EPSON
2007-11-21 16:55 <DIR> d-------- C:\Programme\EpsonNet
2007-11-21 16:55 96 --------- C:\WINDOWS\SYSTEM32\vssver.scc
2007-11-11 19:23 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm
2007-11-11 19:22 <DIR> d-------- C:\Programme\Last.fm
.

(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

2007-12-01 22:20 --------- d-----w C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Skype
2007-11-30 08:32 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
2007-11-29 13:35 --------- d--h--w C:\Programme\InstallShield Installation Information
2007-11-29 09:08 --------- d-----w C:\Programme\Avery Zweckform Assistent 3.1
2007-11-25 22:11 --------- d-----w C:\Programme\Axis Communications
2007-11-21 16:26 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2007-11-13 12:22 --------- d-----w C:\Programme\McAfee
2007-11-12 19:43 --------- d-----w C:\Programme\Gemeinsame Dateien\McAfee
2007-10-25 16:55 8,495,616 ----a-w C:\WINDOWS\SYSTEM32\DLLCACHE\shell32.dll
2007-10-11 09:36 --------- d-----w C:\Programme\Google
2007-02-13 11:10 9,466,787 ----a-w C:\Programme\owbsetup-114.zip
2006-11-08 14:39 59,400,255 ----a-w C:\Programme\WinCmapTools_v4.07_10-10-06.exe
2006-07-03 11:57 13,640,684 ----a-w C:\Programme\PDFCreator-0_9_1_AFPLGhostscript_32bit.msi
2006-04-13 12:32 9,692,886 ----a-w C:\Programme\vlc-0.8.4a-win32.exe
2006-04-01 05:44 21,832,475 ----a-w C:\Programme\ptw06.exe
2005-08-20 13:07 10,958,640 ----a-w C:\Programme\GoogleEarth.exe
2005-02-19 11:46 10,479,136 ----a-w C:\Programme\RealPlayer10-5GOLD.exe
.

(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0c9c1899-4a67-48e4-a3b9-2b4a531c894b}]
2007-12-01 10:56 78400 --a------ C:\WINDOWS\system32\pujgiqdq.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2007-11-28 17:32 23696 --a------ C:\WINDOWS\system32\gebxuur.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2006-11-24 17:16]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10]
"SoundMAXPnP"="C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 14:33]
"DVDLauncher"="C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 17:54]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 02:05]
"UpdateManager"="C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-09-01 15:57]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2004-12-17 23:20]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 20:33]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]
"mcagent_exe"="C:\Programme\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]
"EEventManager"="C:\Programme\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-01-31 10:02]
"pdfSaver3"="" []
"MMReminderService"="C:\Programme\Mindjet\MindManager 6\MMReminderService.exe" [2006-04-12 21:12]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00]

[hklm\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= C:\WINDOWS\system32\gebxuur.dll [2007-11-28 17:32 23696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxuur]
gebxuur.dll 2007-11-28 17:32 23696 C:\WINDOWS\SYSTEM32\gebxuur.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\pmnli.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 EpsonNet_Primitive_Service;EpsonNet Primitive Service;C:\Programme\EpsonNet\common\bin\ensrvmgr.exe

.
Inhalt des "geplante Tasks" Ordners
"2007-03-15 00 19 C:\WINDOWS\Tasks\McDefragTask.job" - c:\programme\mcafee\mqc\QcConsol.exe
"2007-03-03 13:47:29 C:\WINDOWS\Tasks\McQcTask.job" - c:\programme\mcafee\mqc\QcConsol.exe

.
**************************************************************************

catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-01 23:19:44
Windows 5.1.2600 Service Pack 2 NTFS

Scanne versteckte Prozesse...
Scanne versteckte Autostart Einträge...
Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2007-12-01 23:21:31 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-25 23:31
.
--- E O F ---
#4
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,541
OS: xp
Re: vundo removal not possible until yet
Launch Notepad (Important, not WordPad or another third party text editor), and copy and paste the contents of the code box below into a new text file. (Don't include the word Code.) Save it as file name: cfscript.txt

Code:
file::
C:\WINDOWS\SYSTEM32\tuvwxut.dll
C:\WINDOWS\SYSTEM32\pmnnklm.dll
C:\Programme\OiUninstaller.exe
C:\WINDOWS\SYSTEM32\gebxuur.dll
C:\WINDOWS\SYSTEM32\pujgiqdq.dll
registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0c9c1899-4a67-48e4-a3b9-2b4a531c894b}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gebxuur]
killall::
As in the picture above, drag and drop cfscript.txt onto combofix.exe. When it is finished a text will open; post it.

"my McAfee said, that I have another trojan called BEA" We would need to know the file's name and location.

============

Post a scan report from one or both of these free online scans.

Panda ActiveScan - Free online scanner, http://www.pandasoftware.com/products/activescan.htm
Press "scan your PC now", allow the ActiveX to install (if prompted). Do a full scan > click the My Computer button. After the scan click "see report", then save the report and post it back here please.
If you have problems read the FAQ: http://www.pandasoftware.com/actives...q.asp?IdLang=2

http://www.kaspersky.com/virusscanner
Click scan settings and place a check next to use [x] extended database etc. etc. Click OK. Then choose My Computer: scan all your hard drives and mapped disks. When finished click "save as text" and post that in your reply.
#5
Registered User
Join Date: Nov 2007
Posts: 13
OS: xp home
Re: vundo removal not possible until yet -
hi
here is my ComboFix log and also my Panda scan report. it detected numerous spyware...

ComboFix 07-11-19.4C - Thomas 2007-12-03 9:36:52.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.49.1031.18.636 [GMT 1:00]
Running from:: C:\Dokumente und Einstellungen\Thomas\Desktop\ComboFix.exe
Command switches used :: C:\Dokumente und Einstellungen\Thomas\Desktop\cfscript.txt
* Created a new restore point

FILE
C:\Programme\OiUninstaller.exe
C:\WINDOWS\SYSTEM32\gebxuur.dll
C:\WINDOWS\SYSTEM32\pmnnklm.dll
C:\WINDOWS\SYSTEM32\pujgiqdq.dll
C:\WINDOWS\SYSTEM32\tuvwxut.dll
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Programme\OiUninstaller.exe
C:\WINDOWS\SYSTEM32\gebxuur.dll
C:\WINDOWS\SYSTEM32\pmnnklm.dll
C:\WINDOWS\SYSTEM32\pujgiqdq.dll
C:\WINDOWS\SYSTEM32\qrqss.ini
C:\WINDOWS\SYSTEM32\qrqss.ini2
C:\WINDOWS\system32\ssqrq.dll
C:\WINDOWS\SYSTEM32\tuvwxut.dll
.
((((((((((((((((((((((( Files Created from 2007-11-03 to 2007-12-03 ))))))))))))))))))))))))))))))
.
2007-11-30 15:27 <DIR> d-------- C:\Programme\SimpleOCR
2007-11-30 15:26 9,739,116 --a------ C:\Programme\InstSocr.exe
2007-11-29 15:04 360,448 --a------ C:\WINDOWS\SYSTEM32\cdintf.dll
2007-11-29 14:35 608,448 --a------ C:\WINDOWS\SYSTEM32\COMCTL32.OCX
2007-11-29 14:35 57,344 --a------ C:\WINDOWS\SYSTEM32\Crypto.dll
2007-11-29 14:35 40,448 --a------ C:\WINDOWS\SYSTEM32\regobj.dll
2007-11-29 14:35 40,448 --a------ C:\WINDOWS\SYSTEM32\dsofile.dll
2007-11-29 13:59 <DIR> d-------- C:\Programme\EPSON Speed Dial Utility
2007-11-26 21:07 <DIR> d-------- C:\Programme\Trend Micro
2007-11-26 21:05 <DIR> d-------- C:\Deckard
2007-11-25 23:51 <DIR> d-------- C:\VundoFix Backups
2007-11-25 12:45 1,613,990 --a------ C:\Programme\ProcessExplorer.zip
2007-11-25 12:18 <DIR> d-------- C:\Programme\Enigma Software Group
2007-11-25 01:05 38,912 --a------ C:\WINDOWS\SYSTEM32\iifdcbx.dll
2007-11-23 09:05 <DIR> d-------- C:\Programme\MSXML 4.0
2007-11-22 13:07 <DIR> d-------- C:\Programme\Mindjet
2007-11-22 13:07 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mindjet
2007-11-22 10:35 474,892 --a------ C:\WINDOWS\SYSTEM32\ensppmon.dll
2007-11-22 10:35 457,611 --a------ C:\WINDOWS\SYSTEM32\ensppui.dll
2007-11-22 10:35 247,296 --a------ C:\WINDOWS\SYSTEM32\enspres.dll
2007-11-22 10:28 <DIR> d-------- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\InstallShield
2007-11-21 17:33 <DIR> d-------- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\EPSON
2007-11-21 17:30 <DIR> d-------- C:\Programme\BPPRINT
2007-11-21 17:30 679,936 --a------ C:\WINDOWS\SYSTEM32\UninstBPIP.exe
2007-11-21 17:29 <DIR> d-------- C:\Programme\OfficeReady Essentials
2007-11-21 17:23 <DIR> d-------- C:\Programme\NewSoft
2007-11-21 17:23 929,844 --a------ C:\WINDOWS\SYSTEM32\MFC42D.DLL
2007-11-21 17:23 368,912 --a------ C:\WINDOWS\SYSTEM32\VBAR332.DLL
2007-11-21 17:23 41,044 --a------ C:\WINDOWS\SYSTEM32\ceutil.dll
2007-11-21 17:23 39,424 --a------ C:\WINDOWS\SYSTEM32\JETCOMP.exe
2007-11-21 17:00 <DIR> d-------- C:\Programme\EPSON
2007-11-21 17:00 32,768 --a------ C:\WINDOWS\SYSTEM32\esccm.dll
2007-11-21 17:00 30,208 --a------ C:\WINDOWS\SYSTEM32\escwiab.dll
2007-11-21 17:00 27,648 --a------ C:\WINDOWS\SYSTEM32\escimg.dll
2007-11-21 16:55 <DIR> d-------- C:\Programme\Gemeinsame Dateien\EPSON
2007-11-21 16:55 <DIR> d-------- C:\Programme\EpsonNet
2007-11-21 16:55 96 --------- C:\WINDOWS\SYSTEM32\vssver.scc
2007-11-11 19:23 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm
2007-11-11 19:22 <DIR> d-------- C:\Programme\Last.fm
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-03 08:31 --------- d-----w C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Skype
2007-12-02 13:11 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
2007-11-29 13:35 --------- d--h--w C:\Programme\InstallShield Installation Information
2007-11-29 09:08 --------- d-----w C:\Programme\Avery Zweckform Assistent 3.1
2007-11-25 22:11 --------- d-----w C:\Programme\Axis Communications
2007-11-21 16:26 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2007-11-13 12:22 --------- d-----w C:\Programme\McAfee
2007-11-12 19:43 --------- d-----w C:\Programme\Gemeinsame Dateien\McAfee
2007-10-11 09:36 --------- d-----w C:\Programme\Google
2007-02-13 11:10 9,466,787 ----a-w C:\Programme\owbsetup-114.zip
2006-11-08 14:39 59,400,255 ----a-w C:\Programme\WinCmapTools_v4.07_10-10-06.exe
2006-07-03 11:57 13,640,684 ----a-w C:\Programme\PDFCreator-0_9_1_AFPLGhostscript_32bit.msi
2006-04-13 12:32 9,692,886 ----a-w C:\Programme\vlc-0.8.4a-win32.exe
2006-04-01 05:44 21,832,475 ----a-w C:\Programme\ptw06.exe
2005-08-20 13:07 10,958,640 ----a-w C:\Programme\GoogleEarth.exe
2005-02-19 11:46 10,479,136 ----a-w C:\Programme\RealPlayer10-5GOLD.exe
.
((((((((((((((((((((((((((((( snapshot@2007-12-01_23.20.29.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-12-01 21:31:18 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2007-12-03 08:26:19 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2007-12-01 21:31:18 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2007-12-03 08:26:19 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
- 2007-12-01 12:37:18 65,470 ----a-w C:\WINDOWS\SYSTEM32\PERFC007.DAT
+ 2007-12-03 08:25:40 65,470 ----a-w C:\WINDOWS\SYSTEM32\PERFC007.DAT
- 2007-12-01 12:37:18 54,280 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
+ 2007-12-03 08:25:40 54,280 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
- 2007-12-01 12:37:18 396,012 ----a-w C:\WINDOWS\SYSTEM32\PERFH007.DAT
+ 2007-12-03 08:25:40 396,012 ----a-w C:\WINDOWS\SYSTEM32\PERFH007.DAT
- 2007-12-01 12:37:19 384,596 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 2007-12-03 08:25:40 384,596 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2006-11-24 17:16]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10]
"SoundMAXPnP"="C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 14:33]
"DVDLauncher"="C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 17:54]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 02:05]
"UpdateManager"="C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-09-01 15:57]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2004-12-17 23:20]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 20:33]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]
"mcagent_exe"="C:\Programme\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]
"EEventManager"="C:\Programme\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-01-31 10:02]
"pdfSaver3"="" []
"MMReminderService"="C:\Programme\Mindjet\MindManager 6\MMReminderService.exe" [2006-04-12 21:12]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ssqrq.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 EpsonNet_Primitive_Service;EpsonNet Primitive Service;C:\Programme\EpsonNet\common\bin\ensrvmgr.exe
.
Contents of the "Scheduled Tasks" folder
"2007-03-15 00:19 C:\WINDOWS\Tasks\McDefragTask.job" - c:\programme\mcafee\mqc\QcConsol.exe
"2007-03-03 13:47:29 C:\WINDOWS\Tasks\McQcTask.job" - c:\programme\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-03 09:44:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-03 9:45:21 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-01 23:21
C:\ComboFix3.txt ... 2007-11-25 23:31
.
--- E O F ---

Incident | Status | Location
Spyware:Cookie/YieldManager | Not disinfected | C:\Dokumente und Einstellungen\Thomas\Cookies\thomas@ad.yieldmanager[2].txt
Spyware:Cookie/Adserver | Not disinfected | C:\Dokumente und Einstellungen\Thomas\Cookies\thomas@adserver.easyad[1].txt
Spyware:Cookie/Adtech | Not disinfected | C:\Dokumente und Einstellungen\Thomas\Cookies\thomas@adtech[1].txt
Spyware:Cookie/Advertising | Not disinfected | C:\Dokumente und Einstellungen\Thomas\Cookies\thomas@advertising[2].txt
Spyware:Cookie/Apmebf | Not disinfected | C:\Dokumente und Einstellungen\Thomas\Cookies\thomas@apmebf[2].txt
Spyware:Cookie/Atlas DMT | Not disinfected | C:\Dokumente und Einstellungen\Thomas\Cookies\thomas@atdmt[1].txt
Spyware:Cookie/Serving-sys | Not disinfected | C:\Dokumente und Einstellungen\Thomas\Cookies\thomas@bs.serving-sys[1].txt
Spyware:Cookie/Casalemedia | Not disinfected | C:\Dokumente und Einstellungen\Thomas\Cookies\thomas@casalemedia[1].txt
Spyware:Cookie/Doubleclick | Not disinfected | C:\Dokumente und Einstellungen\Thomas\Cookies\thomas@doubleclick[1].txt
Spyware:Cookie/FastClick | Not disinfected | C:\Dokumente und Einstellungen\Thomas\Cookies\thomas@fastclick[1].txt
Spyware:Cookie/Linksynergy | Not disinfected | C:\Dokumente und Einstellungen\Thomas\Cookies\thomas@linksynergy[1].txt
Spyware:Cookie/Mediaplex | Not disinfected | C:\Dokumente und Einstellungen\Thomas\Cookies\thomas@mediaplex[1].txt
Spyware:Cookie/RealMedia | Not disinfected | C:\Dokumente und Einstellungen\Thomas\Cookies\thomas@realmedia[2].txt
Spyware:Cookie/Serving-sys | Not disinfected | C:\Dokumente und Einstellungen\Thomas\Cookies\thomas@serving-sys[2].txt
Spyware:Cookie/Statcounter | Not disinfected | C:\Dokumente und Einstellungen\Thomas\Cookies\thomas@statcounter[2].txt
Spyware:Cookie/WebtrendsLive | Not disinfected | C:\Dokumente und Einstellungen\Thomas\Cookies\thomas@statse.webtrendslive[2].txt
Spyware:Cookie/Tradedoubler | Not disinfected | C:\Dokumente und Einstellungen\Thomas\Cookies\thomas@tradedoubler[2].txt
Spyware:Cookie/Tribalfusion | Not disinfected | C:\Dokumente und Einstellungen\Thomas\Cookies\thomas@tribalfusion[1].txt
Spyware:Cookie/Xiti | Not disinfected | C:\Dokumente und Einstellungen\Thomas\Cookies\thomas@xiti[1].txt
Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\Dokumente und Einstellungen\Thomas\Desktop\ComboFix.exe[nircmd.exe]
Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\Dokumente und Einstellungen\Thomas\Desktop\ComboFix.exe[nircmd.cfexe]
Adware:Adware/DnsInsider | Not disinfected | C:\qoobox\Quarantine\C\Programme\OiUninstaller.exe.vir
Potentially unwanted tool:Application/NirCmd.A | Not disinfected | C:\WINDOWS\NirCmd.exe
#6
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,541
OS: xp
Re: vundo removal not possible until yet -
The items in the Panda report are just cookies and what we have already removed using the tools.
How's the PC running now? Any alerts now from your antivirus? If so, tell us the file's name and location, that is, if the antivirus cannot quarantine or clean it.

Think prevention: put in place a good hosts file
http://www.mvps.org/winhelp2002/hosts.htm
How to download and extract the HOSTS file:
http://www.mvps.org/winhelp2002/hosts2.htm
Repeat that process about once or twice a month.
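A hosts file of the kind recommended above blocks a hostname by resolving it to 0.0.0.0 (or 127.0.0.1), and Windows matches hosts entries exactly: there are no wildcards, and an entry for a parent domain does not cover its subdomains. The following added example, which is not part of the thread and not the MVPS project's code, parses a blocklist in that format and reports which of a set of tracking hosts it would actually stop, and which ones slip through only because the list names a parent domain. The blocklist excerpt and the hostnames are constructed for the example; the format (one "0.0.0.0 hostname" entry per line, "#" comments) is an assumption about the MVPS file.

```python
"""Check which tracking hosts a hosts-file blocklist actually covers.
Added example for this thread; not part of the original posts or of the MVPS
project. The blocklist text and hostnames are constructed for the example."""

# Constructed blocklist excerpt in MVPS hosts-file format (assumed format:
# "0.0.0.0 hostname [hostname ...]" entries, "#" starts a comment).
SAMPLE_HOSTS = """\
# This MVPS HOSTS file is a free download from http://winhelp2002.mvps.org/
127.0.0.1 localhost
0.0.0.0 ad.doubleclick.net
0.0.0.0 ad.yieldmanager.com  # trailing comment
0.0.0.0 a.tribalfusion.com www.tribalfusion.com
0.0.0.0 xiti.com
"""

BLOCK_TARGETS = {"0.0.0.0", "127.0.0.1"}   # addresses a blocklist sinks hosts to


def parse_hosts(text):
    """Return the set of hostnames the file sinks to 0.0.0.0 or 127.0.0.1.
    'localhost' is excluded: it is the one 127.0.0.1 entry that is not a block."""
    blocked = set()
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments and blank lines
        if not line:
            continue
        target, *names = line.split()          # one line may list several names
        if target in BLOCK_TARGETS:
            blocked.update(n.lower() for n in names if n.lower() != "localhost")
    return blocked


def is_blocked(host, blocked):
    """Hosts-file matching is exact: no wildcards, and a parent-domain entry
    does not cover its subdomains (xiti.com does not block www.xiti.com)."""
    return host.lower().rstrip(".") in blocked


def coverage(hosts_to_check, blocked):
    """Map each hostname to whether the blocklist would stop it."""
    return {h: is_blocked(h, blocked) for h in hosts_to_check}


def uncovered_subdomains(hosts_to_check, blocked):
    """Hosts that are not blocked although a parent domain of theirs is listed:
    the gap a hosts file leaves and that a domain-level blocker would not."""
    gaps = []
    for h in hosts_to_check:
        labels = h.lower().rstrip(".").split(".")
        parents = {".".join(labels[i:]) for i in range(1, len(labels) - 1)}
        if not is_blocked(h, blocked) and parents & blocked:
            gaps.append(h)
    return sorted(gaps)


if __name__ == "__main__":
    blocked = parse_hosts(SAMPLE_HOSTS)
    probes = ["ad.doubleclick.net", "www.xiti.com", "cdn.example.com"]
    print(coverage(probes, blocked))
    print("listed parent but unblocked:", uncovered_subdomains(probes, blocked))
```

The second function is the one worth keeping in mind when judging a hosts file's protection: every new subdomain an ad network introduces needs its own line, which is why the post above says to refresh the file once or twice a month.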
#7
Registered User
Join Date: Nov 2007
Posts: 13
OS: xp home
Re: vundo removal not possible until yet -
hi
until now there have been no further antivirus alerts. that's good news! I will keep you informed if there are new reports; however, I appreciate your help very much. thanks a lot!!!
#8
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,541
OS: xp
Re: vundo removal not possible until yet -
One minor detail to handle
Delete your copy of ComboFix, re-download it, run it and post one final log please.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
#9
Registered User
Join Date: Nov 2007
Posts: 13
OS: xp home
Re: vundo removal not possible until yet -
here again is a ComboFix log from today:

ComboFix 07-12-02.6 - Thomas 2007-12-04 8:00:49.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.49.1031.18.619 [GMT 1:00]
Running from:: C:\Dokumente und Einstellungen\Thomas\Desktop\ComboFix.exe
* Created a new restore point
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\iifdcbx.dll
.
((((((((((((((((((((((( Files Created from 2007-11-04 to 2007-12-04 ))))))))))))))))))))))))))))))
.
2007-12-03 09:53 . 2007-12-03 11:18 <DIR> d-------- C:\WINDOWS\SYSTEM32\ActiveScan
2007-12-03 09:53 . 2007-12-03 09:53 30,590 --a------ C:\WINDOWS\SYSTEM32\pavas.ico
2007-12-03 09:53 . 2007-12-03 09:53 2,550 --a------ C:\WINDOWS\SYSTEM32\Uninstall.ico
2007-12-03 09:53 . 2007-12-03 09:53 1,406 --a------ C:\WINDOWS\SYSTEM32\Help.ico
2007-12-03 09:23 . 2007-12-03 09:23 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2007-12-03 09:23 . 2007-12-03 09:23 1,409 --a------ C:\WINDOWS\QTFont.for
2007-11-30 15:27 . 2007-12-01 11:13 <DIR> d-------- C:\Programme\SimpleOCR
2007-11-30 15:26 . 2007-11-30 15:26 9,739,116 --a------ C:\Programme\InstSocr.exe
2007-11-29 15:04 . 2003-06-02 13:30 360,448 --a------ C:\WINDOWS\SYSTEM32\cdintf.dll
2007-11-29 14:35 . 2000-05-22 00:00 608,448 --a------ C:\WINDOWS\SYSTEM32\COMCTL32.OCX
2007-11-29 14:35 . 2002-09-23 13:44 57,344 --a------ C:\WINDOWS\SYSTEM32\Crypto.dll
2007-11-29 14:35 . 1997-06-25 15:24 40,448 --a------ C:\WINDOWS\SYSTEM32\regobj.dll
2007-11-29 14:35 . 2001-07-05 15:05 40,448 --a------ C:\WINDOWS\SYSTEM32\dsofile.dll
2007-11-29 13:59 . 2007-11-29 13:59 <DIR> d-------- C:\Programme\EPSON Speed Dial Utility
2007-11-29 13:50 . 2004-09-30 12:07 80,742 --a------ C:\WINDOWS\SYSTEM32\EBPMON2.DLL
2007-11-29 13:50 . 2003-05-21 11:27 64,000 --a------ C:\WINDOWS\SYSTEM32\ECBTEG.DLL
2007-11-29 13:50 . 2001-09-04 11:04 182 --a------ C:\WINDOWS\SYSTEM32\EBPPORT.DAT
2007-11-26 21:07 . 2007-11-26 21:07 <DIR> d-------- C:\Programme\Trend Micro
2007-11-26 21:05 . 2007-11-26 21:05 <DIR> d-------- C:\Deckard
2007-11-25 23:51 . 2007-11-25 23:51 <DIR> d-------- C:\VundoFix Backups
2007-11-25 12:45 . 2007-11-25 12:45 1,613,990 --a------ C:\Programme\ProcessExplorer.zip
2007-11-25 12:18 . 2007-11-26 19:57 <DIR> d-------- C:\Programme\Enigma Software Group
2007-11-23 09:05 . 2007-11-23 09:05 <DIR> d-------- C:\Programme\MSXML 4.0
2007-11-22 13:07 . 2007-11-22 13:07 <DIR> d-------- C:\Programme\Mindjet
2007-11-22 13:07 . 2007-11-22 13:07 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Mindjet
2007-11-22 10:35 . 2006-11-30 14:39 474,892 --a------ C:\WINDOWS\SYSTEM32\ensppmon.dll
2007-11-22 10:35 . 2006-11-30 14:40 457,611 --a------ C:\WINDOWS\SYSTEM32\ensppui.dll
2007-11-22 10:35 . 2006-12-26 15:27 247,296 --a------ C:\WINDOWS\SYSTEM32\enspres.dll
2007-11-22 10:28 . 2007-11-22 10:28 <DIR> d-------- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\InstallShield
2007-11-21 21:52 . 2007-11-21 21:52 876 --a------ C:\WINDOWS\$_hpcst$.hpc
2007-11-21 17:33 . 2007-11-29 14:00 <DIR> d-------- C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\EPSON
2007-11-21 17:33 . 2007-11-21 17:33 29 --a------ C:\WINDOWS\DEBUGSM.INI
2007-11-21 17:30 . 2007-11-21 17:30 <DIR> d-------- C:\Programme\BPPRINT
2007-11-21 17:29 . 2007-11-29 14:35 <DIR> d-------- C:\Programme\OfficeReady Essentials
2007-11-21 17:23 . 2007-11-29 14:31 <DIR> d-------- C:\Programme\NewSoft
2007-11-21 17:23 . 1999-09-29 20:04 1,238,288 --a------ C:\WINDOWS\SYSTEM32\msjt4jlt.dll
2007-11-21 17:21 . 2007-11-21 17:21 25 --a------ C:\WINDOWS\CDEALCX11SWCD.ini
2007-11-21 17:00 . 2007-11-21 17:24 <DIR> d-------- C:\Programme\EPSON
2007-11-21 17:00 . 2005-02-08 00:00 32,768 --a------ C:\WINDOWS\SYSTEM32\esccm.dll
2007-11-21 17:00 . 2005-02-08 00:00 30,208 --a------ C:\WINDOWS\SYSTEM32\escwiab.dll
2007-11-21 17:00 . 2005-02-08 00:00 27,648 --a------ C:\WINDOWS\SYSTEM32\escimg.dll
2007-11-21 16:55 . 2007-11-21 16:55 <DIR> d-------- C:\Programme\Gemeinsame Dateien\EPSON
2007-11-21 16:55 . 2007-11-29 13:51 <DIR> d-------- C:\Programme\EpsonNet
2007-11-21 16:54 . 2007-11-21 16:54 25 --a------ C:\WINDOWS\CDEALCX11Euro.ini
2007-11-11 19:23 . 2007-11-11 19:23 <DIR> d-------- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Last.fm
2007-11-11 19:22 . 2007-12-03 11:01 <DIR> d-------- C:\Programme\Last.fm
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-04 06:55 --------- d-----w C:\Dokumente und Einstellungen\Thomas\Anwendungsdaten\Skype
2007-12-03 23:19 --------- d-----w C:\Programme\Avery Zweckform Assistent 3.1
2007-12-03 14:11 --------- d-----w C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
2007-12-03 09:58 --------- d-----w C:\Programme\iTunes
2007-11-29 13:35 --------- d--h--w C:\Programme\InstallShield Installation Information
2007-11-25 22:11 --------- d-----w C:\Programme\Axis Communications
2007-11-21 16:26 --------- d-----w C:\Programme\Gemeinsame Dateien\InstallShield
2007-11-13 12:22 --------- d-----w C:\Programme\McAfee
2007-11-12 19:43 --------- d-----w C:\Programme\Gemeinsame Dateien\McAfee
2007-10-11 09:36 --------- d-----w C:\Programme\Google
2007-02-13 11:10 9,466,787 ----a-w C:\Programme\owbsetup-114.zip
2006-11-08 14:39 59,400,255 ----a-w C:\Programme\WinCmapTools_v4.07_10-10-06.exe
2006-07-03 11:57 13,640,684 ----a-w C:\Programme\PDFCreator-0_9_1_AFPLGhostscript_32bit.msi
2006-04-13 12:32 9,692,886 ----a-w C:\Programme\vlc-0.8.4a-win32.exe
2006-04-01 05:44 21,832,475 ----a-w C:\Programme\ptw06.exe
2005-08-20 13:07 10,958,640 ----a-w C:\Programme\GoogleEarth.exe
2005-02-19 11:46 10,479,136 ----a-w C:\Programme\RealPlayer10-5GOLD.exe
.
((((((((((((((((((((((((((((( snapshot@2007-12-01_23.20.29.73 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-08 15:59:01 136,704 ----a-w C:\WINDOWS\catchme.exe
+ 2007-11-27 02:58:11 140,288 ----a-w C:\WINDOWS\catchme.exe
+ 2006-08-24 07:28:54 141,424 ----a-w C:\WINDOWS\Downloaded Program Files\asinst.dll
+ 2007-03-13 09:57:10 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
+ 2007-03-29 08:20:50 110,592 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\as.dll
+ 2006-10-05 15:15:26 233,472 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\ascontrol.dll
+ 2005-06-03 13:03:18 96,256 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\asmdat.dll
+ 2003-08-01 10:00:16 36,864 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\certdll.dll
+ 2005-05-20 12:42:44 86,016 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\instlsp.dll
+ 2006-02-16 17:20:20 4,608 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\memvfile.dll
+ 2005-10-25 17:08:32 348,160 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\msvcr71.dll
+ 2004-05-04 14:01:02 139,264 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pavaleas.dll
+ 2006-07-14 12:04:10 45,056 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pavdr.exe
+ 2006-04-10 09:50:02 159,832 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pavexcom.dll
+ 2006-02-14 12:05:38 94,208 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pavinas.dll
+ 2006-02-16 17:35:38 180,224 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pavoe.dll
+ 2006-10-05 15:15:38 122,880 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pavpz.dll
+ 2006-06-30 13:13:38 8,704 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pfdnnt.exe
+ 2004-02-04 13:08:42 49,152 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\port32.dll
+ 2006-08-01 12:23:10 69,632 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pscpu.dll
+ 2006-08-23 12:08 1,388,544 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskahk.dll
+ 2006-08-17 10:38:14 10,752 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskalloc.dll
+ 2006-09-04 10:49:54 61,440 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskas.dll
+ 2006-08-18 07:46:18 779,264 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskavs.dll
+ 2007-03-26 13:25:34 417,792 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskcmp.dll
+ 2006-08-09 09:42:24 90,112 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskfss.dll
+ 2006-07-19 09:55:58 208,896 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskhtml.dll
+ 2006-01-20 15:57:00 9,728 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskmas.dll
+ 2006-05-17 08:50:12 14,336 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskmdfs.dll
+ 2006-08-16 09:58:12 33,280 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskpack.dll
+ 2006-06-30 13:42:36 266,240 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskscs.dll
+ 2006-08-17 13:33:14 62,976 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskutil.dll
+ 2006-08-08 12:13:10 13,312 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskvfile.dll
+ 2006-08-18 07:53:08 69,632 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskvfs.dll
+ 2006-08-18 07:49:50 167,936 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\pskvm.dll
+ 2007-04-18 16:16:04 353,840 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\psscan.dll
+ 2007-01-22 13:42:48 35,328 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\rawvfile.dll
+ 1997-09-18 05:12:32 9,488 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\sporder.dll
+ 2006-02-28 16:23:40 69,632 ----a-w C:\WINDOWS\SYSTEM32\ActiveScan\tcpvfile.dll
+ 2006-08-02 11:39:06 73,728 ----a-w C:\WINDOWS\SYSTEM32\asuninst.exe
- 2007-12-01 21:31:18 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
+ 2007-12-04 06:59:04 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Cookies\index.dat
- 2007-12-01 21:31:18 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
+ 2007-12-04 06:59:04 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Lokale Einstellungen\Temporary Internet Files\Content.IE5\index.dat
- 2007-12-01 21:31:18 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
+ 2007-12-04 06:59:04 32,768 ----a-w C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Lokale Einstellungen\Verlauf\History.IE5\index.dat
- 2007-12-01 12:37:18 65,470 ----a-w C:\WINDOWS\SYSTEM32\PERFC007.DAT
+ 2007-12-04 06:58:09 65,470 ----a-w C:\WINDOWS\SYSTEM32\PERFC007.DAT
- 2007-12-01 12:37:18 54,280 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
+ 2007-12-04 06:58:09 54,280 ----a-w C:\WINDOWS\SYSTEM32\PERFC009.DAT
- 2007-12-01 12:37:18 396,012 ----a-w C:\WINDOWS\SYSTEM32\PERFH007.DAT
+ 2007-12-04 06:58:09 396,012 ----a-w C:\WINDOWS\SYSTEM32\PERFH007.DAT
- 2007-12-01 12:37:19 384,596 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 2007-12-04 06:58:09 384,596 ----a-w C:\WINDOWS\SYSTEM32\PERFH009.DAT
+ 2003-03-25 17:53:50 11,776 ----a-w C:\WINDOWS\SYSTEM32\ZPORT4AS.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15:00]
"Skype"="C:\Programme\Skype\Phone\Skype.exe" [2006-11-24 17:16]
"swg"="C:\Programme\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Programme\Java\jre1.5.0_09\bin\jusched.exe" [2006-10-12 03:10]
"SoundMAXPnP"="C:\Programme\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 14:33]
"DVDLauncher"="C:\Programme\CyberLink\PowerDVD\DVDLauncher.exe" [2004-10-12 17:54]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2004-08-13 02:05]
"UpdateManager"="C:\Programme\Gemeinsame Dateien\Sonic\Update Manager\sgtray.exe" [2004-01-07 02:01]
"QuickTime Task"="C:\Programme\QuickTime\qttask.exe" [2006-09-01 15:57]
"iTunesHelper"="C:\Programme\iTunes\iTunesHelper.exe" [2004-12-17 23:20]
"Adobe Photo Downloader"="C:\Programme\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-23 20:33]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-09-20 09:35]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-09-20 09:32]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-09-20 09:36]
"mcagent_exe"="C:\Programme\McAfee.com\Agent\mcagent.exe" [2007-08-03 22:33]
"EEventManager"="C:\Programme\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2005-01-31 10:02]
"pdfSaver3"="" []
"MMReminderService"="C:\Programme\Mindjet\MindManager 6\MMReminderService.exe" [2006-04-12 21:12]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15:00]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

R2 EpsonNet_Primitive_Service;EpsonNet Primitive Service;C:\Programme\EpsonNet\common\bin\ensrvmgr.exe
.
Contents of the "Scheduled Tasks" folder
"2007-03-15 00:19 C:\WINDOWS\Tasks\McDefragTask.job" - c:\programme\mcafee\mqc\QcConsol.exe
"2007-03-03 13:47:29 C:\WINDOWS\Tasks\McQcTask.job" - c:\programme\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1318 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-04 08:05:40
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-12-04 8:45 - machine was rebooted
C:\ComboFix2.txt ... 2007-12-03 09:45
C:\ComboFix3.txt ... 2007-12-01 23:21
.
--- E O F ---
#10
Expert Analyst, Moderator, Security Team
Join Date: Sep 2006
Posts: 1,541
OS: xp
Re: vundo removal not possible until yet -
Looks good.
Uninstall ComboFix: go to Start > Run, type combofix /u and press Enter or click OK.
Keep an eye out for problems over the next week or so and post back if needed.

===
PC Safety and Security--What Do I Need?
To help avoid reinfection see "So how did I get infected in the first place?"
http://castlecops.com/postlite7736-.html
===
#11
Registered User
Join Date: Nov 2007
Posts: 13
OS: xp home
Re: vundo removal not possible until yet -
hi lonnyrjones
so far no more problems. the computer is running as fast as before and there are no more disappearances of the toolbar. No antivirus reports either. so, the problem is solved I think. I wanted to express again my appreciation for your help. Thank you so much. You saved me a lot of work and trouble. Without knowing you, I wish you a peaceful Christmas time and a successful New Year. Greetings from Switzerland...